Privacy Policy

LEONHARD KURZ Stiftung & Co. KG (hereinafter "KURZ") respects any concerns regarding the protection of the security and privacy of personal data.

 

Therefore, KURZ processes your personal data in compliance with applicable laws on data protection and data security and in accordance with this Privacy Policy.

 

For further information how personal data is processed at KURZ click here.

This Data Protection Statement applies equally for all Internet offerings ("Website(s)") for which KURZ is considered the controller (see Section 2).

2.1 Controller

As defined in the EU General Data Protection Regulation (GDPR) as well as other national data protection laws of the member states, and other data protection provisions, the controller is:

 

LEONHARD KURZ Stiftung & Co. KG   
Schwabacher Strasse 482   
90763 Fürth, Germany

+49 911 71 41-0

sales(at)kurz.de

 

2.2 Contact information for the data protection officer

You can contact the controller's data protection officer at the following address:

 

MKM Datenschutz GmbH   
data protection officer   
Äußere Sulzbacher Str. 124a   
90491 Nuremberg, Germany

+49 911 669577-0

dsb(at)kurz.de

3.1 Scope of personal data processing

As a general rule we do not process our users' personal data unless it is necessary to enable us to present a functioning website and our content and services. As a matter of course, our users' personal data is not processed without the user's consent. One exception would be cases in which it is not possible to obtain the consent beforehand for practical reasons, and/or if processing of the data is permitted by legal provisions.
In particular, your data is processed for the following purposes:

  • The online services offered on our Websites (e.g., newsletter, contact form, etc.) are specifically designed to help us reach our business objectives. To this end, we need to continuously optimise the services we provide online (customer satisfaction, security, user friendliness, etc.).
  • The main reason we process data is if it is needed to substantiate the legal relationship, or to design or amend the content thereof.
  • To send you information, including advertising materials (e.g., the newsletter).
  • To lend our Websites still greater appeal; to identify points of particular interest and also publicise usage-based online advertising.
  • To analyse and evaluate visitor access events and also to detect any technical problems and respond to them in good time.

 

3.2. Legal basis for processing personal data

If we obtain consent from the data subject to carry out processing operations on personal data, our activities are governed by Art. 6 Para. 1 letter a GDPR as the legal basis therefor.


If it is necessary to process personal data in order to fulfil a contract to which the data subject is a contracting party, our activities are governed by Art. 6 Para. 1 letter b GDPR as the legal basis. This also applies for processing activities essential for pre-contractual arrangements, in response to enquiries about our products or services, for example.


If we need to process personal data to comply with a legal obligation to which our company is subject, (e.g., tax obligations), the legal basis for this is Art. 6 Para. 1 letter c GDPR.


If it is essential to process personal data to protect the vital interests of the data subject or another natural person, the legal basis therefor is Art. 6 Para. 1 letter d GDPR.
If such processing is essential in order to safeguard the legitimate interests of our company or of a third party and these interests are not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 Para. 1 letter f GDPR serves as the legal basis therefor. This applies e.g. to collections and analyses for statistical purposes, which we carry out to optimise our web offerings.

 

3.3. Retention period and erasure of personal data

We only process and store your personal data for the period necessary to fulfil the purpose for which it is stored. When its purpose has been fulfilled or ceases to exist, your personal data is erased or blocked. It can be stored for longer than this if such provisions appear in the European or national legislatures in legally binding ordinances, laws or other regulations of the European Union to which the controller is subject. The data is also blocked or erased when a retention period stipulated in the aforementioned norms expires, unless there is a pressing need for continued retention of the data to enable the conclusion or fulfilment of a contract.

Every time they are accessed, our Websites automatically capture a range of general data and information, which is stored temporarily in a server's logfiles. 
In this context, the following data may be captured:

  • Access to the Website (date and time)
  • How you came to the Website (previous page, hyperlink etc.)
  • Which browser (and version) you use
  • The operating system you use
  • Which Internet service provider you use
  • Your IP address, which is assigned to your computer by your Internet service provider for when you connect to the Internet  
     

 

In rare cases, this (technical) data in the logfiles may be personal data. The temporary storage of the IP address by the system is necessary to enable the Website to be delivered to the user's computer. To allow this, the user's IP address has to remain stored for the duration of the session. As a rule, however, we only use this data if it is absolutely necessary for technical reasons to ensure operation and protect our Websites from attacks and misuse; in pseudonymised or anonymised form it is also used for purposes of advertising, market research and to help us design our services to meet current needs. This is why users' IP addresses are stored as a technical precaution for a period not exceeding 7 days. They may be stored for longer. In this case, the users' IP addresses are erased or masked so that it is no longer possible to make a connection to the accessing client. This data is not stored together with any of the user's personal data.

 

The legalbasis for temporary storage of the data and logfiles is Art. 6 Para. 1 letter f GDPR.

 

The capture of the data in order to deliver the Website and storage of the data in logfiles are both essential for enabling operation of the Website. Consequently, the user has no right of objection in this case.

On our Websites, you will find contact forms which you can use to communicate your wishes to us according to your area of interest. The data you supply in the input mask (e.g., your company, name, email address, etc.) is used by us to appropriately respond to your contact.

 

The legal basis for processing data where the user's consent has been given is Art. 6 Para. 1 letter a GDPR. The legal basis for processing data associated with the contact form is Art. 6 Para. 1 letter f GDPR. If the email indicates an intent to enter into a contract, a further legal basis for processing is constituted by Art. 6 Para. 1 letter b GDPR. The data is erased as soon as it is no longer needed to fulfil the purpose for which it is collected. You can object to the further processing of your data at any time.

You will find the necessary forms for job applications on our Websites; you can use these to provide us with your job application information (e.g., name, address, email address etc.).

 

In order to be able to process your application effectively, we use the applicant management system provided by our partner HR4YOU Solutions GmbH & Co. KG ("HR4YOU"). For this purpose, when you initiate an online application you are redirected to a domain operated by our partner HR4YOU, where you can enter your information. HR4YOU carries out order processing tasks on our behalf and is accordingly permitted to process the information you provide solely in accordance with our instructions. To ensure that this is the case, we have entered into a number of agreements regarding both technical and organisational measures with HR4YOU to ensure that we are able to guarantee that your application data will be protected. If your application leads to an employment contract, the information you have transmitted to us may be stored by us in your (digital) personnel file for purposes of the usual organisational and administrative process, subject to the applicable legal regulations.

 

The legalbasis for processing data from the job application forms is Art. 6 Para. 1 letter b GDPR. You can object to the further processing of your data at any time.

 

If you have given your consent, we may also process and use your personal data from the application procedure (surname, first name, residential address, email address, telephone numbers, cover letter, letter of motivation, curriculum vitae, qualifications, references, information from the application interview) for a maximum period of 1 year after the application procedure is completed. This is done to ensure that we can contact you for professional purposes and possibly let you know of a job offer from us. This data can be accessed by employees in the Human Resources department and the decision makers in the respective technical departments. You are entitled to withdraw your consent at any time without giving a reasons and with effect for the future. If you do withdraw your consent, your information will not be considered for subsequent vacancies. Your information will then be erased in keeping with the applicable provisions of the law.


We would point out here that risks are also generally associated with the transmission of data across the Internet (see Section 20.1).

As part of our B2B webshop, we process your customer data in all cases to help us manage the associated business processes. On the one hand, this involves the data that is needed directly for the ordering process, such as billing and delivery addresses, which may contain personal data. If such is necessary to enable the order to be carried out, this data may also be transmitted to the transport service provider we have tasked with delivery. On the other hand, the data each customer enters in the B2B webshop user administration system themself is also processed. This enables us to track which user has submitted which purchase order. The legalbasis for processing your personal data in the B2B webshop is Art. 6 Para. 1 letter b GDPR, since this data is used for purposes of fulfilling a contract within the meaning of Art. 6 Para. 1 letter b GDPR. You can object to the further processing of your data at any time, unless we are obliged to continue storing it to comply with statutory, incorporation-related or contractual retention requirements. For more information about the cookies we use in the B2B webshop, please refer to Section 18 "Cookies" in this Data Protection Statement.

On our Website, you will find the option to subscribe to our free newsletter. When you register to receive the newsletter, the information you enter in the input mask - that is to say at least your email address - is transmitted to us. In order to be able to process information for the registration process, we obtain your consent and refer you to this Data Protection Statement. The consents to distribution are obtained on the basis of Art. 6 Para. 1 letter a, Art. 7 GDPR. For the registration to receive our newsletter, we use the "double opt-in" procedure. This means that after you have given us your consent to send you the newsletter as part of the registration process, we send you a confirmation email to your email address, in which we ask you to confirm your registration. If you do not provide this confirmation within 72 hours, your registration is deleted automatically. If you confirm your wish to receive the newsletter, we store your data until you unsubscribe from the newsletter. The only purpose for which this data is stored is to enable us to send you the newsletter. We also store your IP addresses and times when you send us your registration and confirmation to prevent your personal data from being misused (e.g., registration for the newsletter using a different email address). This other personal data which is collected in the course of the registration process is typically deleted after a period of seven days.

 

You can withdraw your consent for us to send you the newsletter at any time. To notify us of your withdrawal, you simply need to click on the link which is provided in every newsletter email or send an email to newsletter@kurz.de.

It is our stated aim to continually optimise our online offering for you. For the purposes of analysing and evaluating the behaviour of visitors to our Websites, we use Google-Analytics.

 

This service is provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland.

 

Google-Analytics uses cookies; for more information on this subject, please refer to Section 18. "Cookies" in this Data Protection Statement.

On our website, we use the service Google Tag Manager of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Tag Manager). Google Tag Manager offers a technical platform to run and bundle other web services and web tracking programs using so-called ‘tags.’ In this context, Google Tag Manager stores cookies on your computer and analyses your surfing behavior (so-called ‘tracking’) if web tracking tools are executed using Google Tag Manager. This data sent by individual tags integrated into Google Tag Manager is aggregated, stored, and processed by Google Tag Manager under a uniform user interface. All integrated ‘tags’ are listed separately again in this privacy policy. Further information on the data protection of the tools integrated in Google Tag Manager can be found in the respective section of this privacy policy. In the course of using our website with activated integration of tags from Google Tag Manager, data such as, in particular, your IP address and your user activities are transmitted to servers of the company Google Ireland Limited. With regard to the web services integrated using Google Tag Manager, the provisions in the respective section of this privacy policy apply. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager before transmission by means of IP anonymization of the source code. Google Tag Manager only collects anonymized IP addresses (so-called IP masking).

 

The legal basis for data processing is your consent in our information banner regarding the use of cookies and web tracking (consent through clear confirming action or behavior) in accordance with Art. 6(a) GDPR.

 

On our behalf, Google will use the information obtained through Google Tag Manager to evaluate your visit to this website, to compile reports on website activity, and to provide us with other services related to website and internet usage.

 

Google will store the data relevant for the Google Tag Manager function for as long as it is necessary to provide the booked web service. Data is collected and stored anonymously. If there is a reference to a person, the data will be deleted immediately, provided that it is not subject to any statutory retention obligations. In any case, deletion takes place after the retention obligation has expired.

 

 

You can prevent the collection and forwarding of personal data (especially your IP address) to Google as well as the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser, or activating the ‘Do Not Track’ setting in your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link https://tools.google.com/dlpage/gaoptout?hl=en. Google's security and privacy policies can be found at https://policies.google.com/privacy?hl=enhttp

In order to be able to present you with online advertising which is tailored individually to your usage behaviour on our Websites, we use the following services/technologies:

Google AdWords Conversion
Google Dynamic Remarketing
Double Click by Google

 

The provider of these services is Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Irland.

 

These services rely on the use of cookies; for more information on this subject, please refer to Section 18. "Cookies" in this Data Protection Statement.

The Websites use the YouTube video platform, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. YouTube is a platform that enables the playback of audio and video files.

 

When you access a page from our Internet presence, the player which is integrated in the page by YouTube creates a link to YouTube that ensures the technical transmission of the video and/or audio file. When the link to YouTube is created, data is transmitted to YouTube. The YouTube server receives information about the specific page of our Internet presence that you visited. If you also happened to be logged into your YouTube account, you would enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this capability entirely by logging out of your YouTube account beforehand.

 

For more information about the collection and use of your data by YouTube and your rights in this regard and setting options for protecting your privacy, please refer to the notes on data protection there under https://policies.google.com/privacy?hl=de.

We use on our site the service Google reCaptcha of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: www.google.com. Personal data is also transferred to the U.S. With regard to the transfer of personal data to the U.S., there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 of the GDPR (hereinafter: DPF - commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

 

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

 

If Google reCaptcha is activated on our website, the data determined by Google reCaptcha will be transmitted to servers of the company Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. based on specific characteristics and an analysis of page behaviour, the service recognises whether the entries made are automated entries by means of a programme (so-called bot) or human. The service has three different levels. Either the service automatically recognises that the input is not automated by a bot or it lets the user select a captcha checkbox. A third option is the display of small image or voice tasks / text tasks that have to be solved by the site visitor. Google reCaptcha is a capcha service that is used on our website for security reasons to prevent bots (robot programs) from interacting with our website. Google reCaptcha verifies on our behalf that only humans and not bots can use our website. This enables us to protect the special functions of our website (e.g. contact forms or other input options such as the login area) from improper page access.

 

For processing itself, the service or we collect the following data: User behaviour (e.g. mouse gestures or input behaviour), IP address, browser data, computer information.

 

If you wish to use the Google reCaptcha-protected input options on our website, you must allow the use of Google reCaptcha and, if necessary, solve the corresponding captchas. If you do not fill in the captcha or do not allow the use of Google reCaptcha, you will not be able to use the form protected by the captcha. Alternatively, you can always use our other contact options (e.g. post or email). You can access the certification under the EU-US Data Privacy Framework at www.dataprivacyframework.gov/s/participant-search/participant-detail.

 

You can revoke your consent at any time. You will find more information on revoking your consent either with the consent itself or at the end of this privacy policy.

 

For further information on the handling of transmitted data, please refer to the provider's privacy policy at policies.google.com/privacy. The provider also offers an opt-out option at support.google.com/My-Ad-Center-Help/answer/12155451.

We use the Mouseflow service provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark.


The transmission and processing of personal data takes place exclusively on servers in the European Union.



The legal basis for the transmission of personal data is your consent in accordance with EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.


The service collects information about your user behavior on our website and processes this in the context of a technical user behavior analysis.
You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.

 



Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://mouseflow.de/privacy/.
The provider also offers an opt-out option at https://mouseflow.com/opt-out-old/http

On our website, we use the flowplayer.org service provided by Flowplayer AB, Regeringsgatan 29, 5th Floor, 111 53 Stockholm, Sweden; website: flowplayer.com. The transmission and processing of personal data takes place exclusively on servers in the European Union.



The legal basis for the transmission of personal data is your consent in accordance with EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.



The service is a plugin that we need in order to be able to display all content on our website to you. The plugin makes our website more attractive and easier to experience for our site visitors. Flowplayer also offers the possibility to analyze and monetize videos. Videos are connected via an API. When loading or viewing a video, data is reloaded from Flowplayer's servers, and the video is displayed and analyzed on our website. This includes personal data such as your IP address and user activities that are transmitted to Flowplayer’s servers and processed there.



You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.

Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://flowplayer.com/privacy-policy.

We use the LinkedIn service provided by LinkedIn Ireland Unlimited Company, Wilton Place, 2 Dublin, Ireland on our website, e-mail: info_impressum@cs.linkedin.com, website: www.linkedin.com. Processing also takes place in a third country, for which there is no Commission adequacy decision. Therefore, the usual level of protection of the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, authorities etc. can access the collected data.



The legal basis for the transfer of personal data is your consent pursuant to EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.
When using the LinkedIn plugin, we establish a connection to the LinkedIn platform in order to to give signed-in LinkedIn members the opportunity to interact with us.



You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.



Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

 


The provider also offers an opt-out option at https://www.linkedin.com/help/linkedin/answer/68763?lang=enhttp

We use the LinkedIn Analytics service provided by LinkedIn Ireland Unlimited Company, Wilton Place, 2 Dublin, Ireland on our website, e-mail: info_impressum@cs.linkedin.com, website: www.linkedin.com. Processing also takes place in a third country, for which there is no Commission adequacy decision. Therefore, the usual level of protection of the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, authorities etc. can access the collected data.



The legal basis for the transfer of personal data is your consent pursuant to EU Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR that you have provided on our website.
The service is a plugin that we need in order to be able to display all content on our website to you. The service may also be used for tracking and/or advertising integration.



You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent declaration itself or at the end of this Privacy Policy.



Further information on the handling of the transferred data can be found in the provider’s Privacy Policy at https://www.linkedin.com/help/linkedin/answer/68763?lang=en.

 


The provider also offers an opt-out option at https://www.linkedin.com/help/linkedin/answer/68763?lang=enhttp

Our Websites use cookies under certain circumstances. Cookies are small text files which are stored in the Internet browser and/or on the user's computer system and enable your use of the Website to be analysed.


Cookies serve to make our Websites and online services more user-friendly, more effective and more secure. These and similar technologies are used for wide variety of purposes, including storing your settings, logging in and authentication, interest-related online advertising, analyses and statistics.

 

The legal basis for processing personal data using cookies is Art. 6 Para. 1 letter f GDPR. When they access our Websites, users are informed about the use of cookies in an info banner and referred to this Data Protection Statement.

 

Most of the cookies we use are of the type known as "session cookies". They are deleted automatically at the end of your visit to our Website. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser again the next time you visit.

 

You yourself decide on the use of cookies:  
You can make settings in your browser so that you are informed when cookies are set, and you can decide whether to accept them on a case by case basis, for certain cases, or to block them generally, and activate the automatic deletion of cookies when you close your browser.

 

Deactivating cookies may have the effect of limiting the functionality of the Website.

 

In the following section, we will provide details about the services on our Websites that use/implement cookies:

 

18.1 Google-Analytics

Our Websites use functions provided by the web analysis service Google Analytics to determine which content on our Websites is most interesting to you, for example.  
The information generated by the cookie about your use of this Website is usually transmitted to a Google server in the USA and stored there.

 

For more information about how Google Analaytics handles user data, please refer to the Google Data Protection Statement: https://support.google.com/analytics/answer/6004245?hl=de

 

Browser Plugin  
You can prevent cookies from being stored by making the corresponding setting in your browser software; but we would point out that in this case you may not be able to use the full range of functions offered on this Website. You can also prevent collection of the data generated by the cookie relating to your use of the website (including your IP address) and processing of that data by Google by downloading and installing the browser plugin which is available on the following link: https://tools.google.com/dlpage/gaoptout?hl=dehttps>http://www.google.com/policies/technologies/ads/http  
 

 

18.3 Google Dynamic Remarketing

This function serves to present to visitors to the Website interest-specific advertisements for "similar target groups" within the Google advertising network. The browser of the Website user stores cookies which render the user recognisable when they return to Websites which belongs to the Google advertising network. On these pages, the user can then be presented with advertisements relating to the content the visitor viewed previously on Websites that use the Google Remarketing function. By its own account, Google does not collect any personal data in this process.

 

Option to object 
If you still do not wish to have the Google Remarketing function on your computer, you can deactivate it generally by making the corresponding settings at http

 

Alternatively, you can deactivate the use of cookies for interest-specific advertising via the Advertising Network Initiative (NAI) by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp

 

For more detailed information about Google Remarketing and the Google data protection statement, please visit: http://www.google.com/privacy/ads/http>http://www.google.com/settings/adshttp or


on a deactivation page of the network advertising initiative (NAI):
 

 

18.5 B2B Webshop

We use the following cookie in our B2B webshop:

For the purposes described in Section 3.1, your data is also transmitted to the responsible offices of KURZ and to affiliates of KURZ if this is necessary in order to fulfil the stated purposes and thus conforms to the legal permission regulations or if you have given your consent for the transmission.

 

We are permitted to forward personal data to third parties if for example participations in promotional activities or competitions etc. are jointly offered by us with a third party provider. In these cases you will be advised in a separate notice that your personal data will be sent to third parties before it is transmitted.

 

We use external service providers in some cases to process your personal data. These providers have been selected by us with extreme care and engaged in writing. They are bound by our instructions and are reviewed by us regularly. The service providers will not communicate this personal data to third parties.

 

Furthermore, we ensure that your personal data is not communicated to third parties unless we are obliged to do so by law or unless you have explicitly stated that we may do so.

20.1 Data security on the Internet 

The Worldwide Web is a publicly accessible system. If personal data is divulged online, this data is transmitted at the user's risk. The data can be lost in transit or may fall into the hands of unauthorised third parties. KURZ has adopted measures to guarantee the confidentiality and security of your personal data.

 

Your data is protected conscientiously from being lost, destroyed, falsified, manipulated or exposed to unauthorised access or unauthorised disclosure e.g., by the following methods:

  • If you transmit your personal data to us via our Website or in an email, it will only be used for the purpose stated in Section 3.1.
  • Our employees are bound individually to observe a duty to confidentiality and are obliged to observe the principles of data secrecy.
  • Our security measures reflect the current state-of-the-art as far as reasonably possible.
  • The security of our systems is checked regularly, so that we can permanently protect the data entrusted to us from any damage, loss or access.
  • The data protection officer works continuously to ensure that the provisions of the law are maintained.

 

20.2 Recommendations for improving your personal data security 

  • You can configure your browser so that you are informed as soon as cookies are to be set, so that you can accept them globally or on a case by case basis, or reject them globally (see Section 18).
  • You can see whether an Internet connection is secure, among other things, from the address. If the address begins with https, this indicates that the connection is secure (e.g. https://....de). We are making every effort to convert all of our Websites to https where this has not yet been done. Another indicator is the symbol of a locked padlock in the bottom icon tray of your browser.
  • We will never ask you to communicate confidential data such as a PIN number or your password by email, over the phone or by SMS, nor will we ask you to return or specify this data or enter access data directly.

If personal data about you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights in respect of the controller. Regarding this matter, please contact our data protection officer using the contact information provided in Section 2.2

 

21.1 Right to information 

You have the right require that we provide you with information about the personal data we have stored relating to you.

 

21.2 Right to rectification 

You have the right to require that personal data relating to you be corrected and/or completed immediately.

 

21.3 Right to restriction of processing 

You have the right to require that the processing of your personal data be restricted if you are contesting the accuracy of the data, if the processing is unlawful but you reject the option to have it erased and we do not need the data any more but you need it to enforce, exercise or

defend your legal rights or you have submitted an objection to the processing in accordance with Art. 21 Para. 1 GDPR. If the processing of the personal data relating to you has been restricted, apart from saving it, this data can only be processed with your consent or in order to enforce, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of substantive public interest of the union or of a member state. If the restriction of processing has been restrained pursuant to the above conditions, you will be informed by us before the restriction is cancelled.

 

21.4 Right to erasure ("right to be forgotten") 

You have the right to request the erasure of personal data relating to you that is stored with us, unless it is essential for the exercise of the right to the free exchange of opinion and information, processing to fulfil a legal obligation for reasons of public interest or for enforcing, exercising or defending legal rights.

 

21.5 Right to notification 

If you have exercised your right to rectify, erase or restrict processing (21.2-21.4), we will notify all recipients to whom we have disclosed personal data relating to you of this rectification or erasure of the data or of the restriction of processing thereof unless this proves impossible or is associated with unreasonable additional effort.

 

21.6 Right to data portability 

You have the right to have personal data that you provided to us delivered to you or a third party in a structured, standard, machine-readable format. If you require that the data be transmitted directly to another controller, this will only be done if it is technically possible.

 

21.7 Right to object 

If your personal data is processed on the basis of legitimate interests as stipulated in Art. 6 Para. 1 letter f GDPR, you have the right to file an objection to the processing pursuant to Art. 21 GDPR. The controller will discontinue processing personal data relating to you unless it can prove the existence of compelling reasons worthy of protection for continuing to process it which outweigh your interests, rights and freedoms or if processing serves the cause of enforcing, exercising or defending legal rights.

 

21.8 Right to withdraw consents relating to data protection law 

You have the right to withdraw your consent under data protection law at any time with effect for the future. The data that is collected before such withdrawal becomes legally enforceable is unaffected thereby.

 

21.9 Right to lodge a complaint with a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular within the Member State of your habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to you infringes the GDPR.


The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

It may be necessary (e.g., in the light of changes to the law) to update our Data Protection Statement. We therefore reserve the right to amend or supplement this Data Protection Statement whenever necessary. We will publish the change here. We therefore recommend that you review this Data Protection Statement regularly to ensure that your knowledge is up to date.